News Brief

Cybersecurity firm Intrusion to settle SEC fraud claims


Texas-based cybersecurity company Intrusion was charged with fraud by the Securities and Exchange Commission regarding alleged materially false and misleading statements made by its former chief executive.



California cybersecurity audit rule scope begins taking shape at CPPA meeting


A final version of California’s cybersecurity audit rules likely won’t be released until later next year at the earliest, according to a rough timeline discussed by the California Privacy Protection Agency.



Paying ransom to avoid GDPR fine an unwise gambit


Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.


News Brief

Verizon unit to pay $4.1M in cybersecurity false claims case


Verizon Business Network Services agreed to pay approximately $4.1 million to settle allegations levied by the Department of Justice regarding false claims caused by failure to fully implement cybersecurity controls required of a government contractor.



Preparing for SEC cybersecurity rules an opportunity for collaboration


Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.



Cyber expert: Reach for data security to achieve compliance


Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.



CPE Webcast: Five deliverables every cybersecurity team needs to survive, thrive and comply with the new SEC Cybersecurity Rule

2023-08-15T14:00:00+01:00 Provided by HALOCK Security Labs

In today’s fast-paced business world, firms must adapt to the ever-changing mobile compliance and technology landscape to stay competitive.


News Brief

N.Y. cyber strategy puts pressure on banks, energy sector


New York will closely monitor the cybersecurity protections in place at institutions in the financial and energy sectors as part of its first statewide cybersecurity strategy.



Oct 24 | Unprepared for SEC cyber disclosures? You can get through this

2023-08-04T20:47:00+01:00 Provided by HALOCK Security Labs

Learn what cybersecurity strategy, governance, and risk management are and how to use an emerging definition for reasonable cybersecurity controls to help you define materiality.



Covington mulling appeal of ruling in SEC breached client case


Covington & Burling is leaving open the possibility of appealing a recent federal court order requiring the law firm to provide the names of hacked clients to the Securities and Exchange Commission.


News Brief

Fed report highlights emerging cyber threats, including generative AI


The Federal Reserve listed the proliferation of generative artificial intelligence tools among areas of emerging cybersecurity threats for banks to monitor as part of its annual resilience report.



Risks, opportunities under SEC’s cyber incident disclosure rule


The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.


News Brief

Senator pushes for probe into Microsoft’s ‘negligent cybersecurity practices’


Sen. Ron Wyden (D-Ore.) is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played a part in a Chinese hacking campaign that targeted U.S. government email addresses.


News Brief

SEC adopts rule requiring cyber incident disclosures within four days


The Securities and Exchange Commission finalized its controversial rule requiring public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days.



IBM report: Data breach costs at all-time high; AI helping detection


The global average cost of a data breach reached a new all-time high of $4.45 million in 2023, according to IBM’s annual report.


News Brief

Tech giants, White House agree to AI risk management guidelines


Technology companies including Google, Meta, and OpenAI agreed to a series of voluntary commitments they’ll make regarding their management of risks when developing artificial intelligence systems.



Biden cyber strategy plan calls for big businesses to step up


The “biggest, most capable, and best-positioned” businesses must assume a greater share of mitigating cyber risks, the White House said in announcing the National Cybersecurity Strategy Implementation Plan.



Survey: Investment adviser compliance ramps up testing on advertising, marketing


The most popular mock exams conducted by compliance professionals at investment adviser firms this year have been on the Securities and Exchange Commission’s advertising/marketing rule, according to a new poll.



Experts: Ways to stay ahead of generative AI risks


Not all companies can rely on bans or restrictions on employee use of generative artificial intelligence like ChatGPT. Instead of telling people what they can’t do, focus on what they can do.


News Brief

CFTC assembles task forces to combat cyber and tech issues, ESG fraud


The Enforcement Division of the Commodity Futures Trading Commission announced it established two new task forces to combat cyberattacks and misuse of technology and environmental fraud.



Growing list of MOVEit hack victims shows damage control difficulties


More than 130 organizations are believed to have been impacted by the MOVEit hack, with millions of people’s data at risk. Experts opine on the struggles businesses face in containing exposure.



SEC’s Grewal spotlights enforcement focus on cyber disclosures


The No. 1 priority at the Securities and Exchange Commission after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to Enforcement Division Director Gurbir Grewal.


News Brief

APRA pressures Medibank on cyber enhancements post-breach


The Australian Prudential and Regulation Authority will require Medibank Private to hold 250 million Australian dollars (U.S. $166 million) in extra capital until the insurer remediates identified cybersecurity weaknesses after a significant data breach.



MOVEit ransomware attack shows sophistication of cybercriminals

2023-06-28T00:06:00+01:00 By Paul Dwyer, for International Compliance Association

In an era marked by an increase in digital threats, it’s vital to understand how sophisticated cybercriminal syndicates like Clop can impact the financial sector.



NAVEX report: Driven by cyber threats, infosec compliance top of mind


Compliance teams are taking more responsibility for issues related to information security and data privacy, motivated by increasing threats posed by data breaches and cyber intrusions, according to a new survey from NAVEX.



CFTC commissioner crafting potential proposed rule on cyber resiliency


The Commodity Futures Trading Commission’s Technology Advisory Committee sponsored by Commissioner Christy Goldsmith Romero is crafting potential rulemaking to establish cyber resiliency baselines among swap dealers and futures commission merchants.


News Brief

FCC forms consumer data privacy task force


The Federal Communications Commission announced the launch of a new task force to coordinate privacy and data protection efforts at the agency, which oversees a telecommunications industry often targeted by cybercriminals.



Shades of SolarWinds in lessons from MOVEit hack


A ransomware attack affecting some of the U.K.’s largest corporations has highlighted once again how exposed organizations can be if the levels of cybersecurity used by their third parties are not as strong as expected.


News Brief

SEC spring 2023 regulatory agenda: 37 rules in final stage


The rest of the year is shaping up to be busy at the Securities and Exchange Commission, where final rules regarding climate-related disclosures, enhanced cybersecurity risk governance, and more are all on the near-term agenda.



Verizon report: Lion’s share of data breaches linked to organized crime


About 83 percent of data breaches are perpetrated by external bad actors and not employees, with 70 percent of those breaches linked to organized crime groups with financial motives, according to the latest research.



KPMG report: Bank supervision, cyber among reg focus areas for rest of year


A new report by KPMG on key regulatory challenges for the second half of 2023 warned financial institutions to prepare for increased scrutiny, while all companies should expect more questions on how they oversee their cybersecurity and data management programs.


News Brief

FTC orders Amazon to pay $30M for alleged Alexa, Ring privacy violations


Amazon is set to pay more than $30 million comprised of a civil penalty and consumer refunds to resolve two separate cases alleging privacy violations regarding its Alexa voice assistant service and Ring doorbell subsidiary.



e-Book: New audit risk landscape: ESG, cyber, more

2023-05-31T01:27:00+01:00 Provided by

As companies face sustainability reporting challenges, accounting and audit firms are fielding increased requests for assistance, along with demands from investors and regulatory bodies for assurance on disclosures.


News Brief

OneMain Financial fined $4.25M in NYDFS cybersecurity case


Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.


News Brief

FTC warns businesses to risk assess uses of biometric technologies


Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.


News Brief

Ex-Uber security chief avoids prison in obstruction case


The former chief security officer of Uber Technologies was sentenced to probation by a federal court judge as punishment for his involvement in covering up a 2016 data breach that affected 57 million users.


News Brief

SEC risk alert flags branch office cybersecurity controls


The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.


News Brief

HHS teases policy changes stemming from cyber resiliency analysis


Some U.S. hospitals are falling short in protecting themselves from cyberattacks, with 29 percent of facilities recently surveyed lacking a documented GRC system, a new report from the Department of Health and Human Services found.



How to avoid pitfalls of scaling business with generative AI


Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.


News Brief

Treasury: DeFi services vulnerable to AML/CFT, cybersecurity risks


A new U.S. Treasury report concluded that decentralized finance services are being used by bad actors to launder the proceeds of illegal activity, aided by crypto platforms weak or non-existent in anti-money laundering and sanctions compliance programs.



CPE Webcast: Cyber risk management through an economic lens

2023-04-04T11:00:00+01:00 Provided by

How can you build a mature cyber resilience program within your business with a critical lack of technical know-how, significant budget constraints, and little-to-no monitoring of third-party risks?


News Brief

TikTok CEO to boast data security efforts in Congress testimony


The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.


News Brief

CISA pilot program seeks to bolster ransomware preparedness


The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.


News Brief

SEC proposes Reg S-P updates on incident response, breach notifications


The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.


News Brief

Web hosting company fined in DOJ cyber fraud case


Web hosting company Jelly Bean Communications Design and its manager agreed to pay $293,771 in the latest Department of Justice case holding government contractors accountable for poor cybersecurity practices.


News Brief

SEC orders Blackbaud to pay $3M for misleading ransomware disclosures


Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.


News Brief

HHS creates new enforcement office for health privacy


The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.



Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023


As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?



Cloud ‘not a silver bullet’ for security


A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.



‘This is where we are now’: Cyber environment calls for continuous monitoring


Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.